Intermittent InvalidJwtError: Failed to parse session token error #808
Comments
Hi! Usually, this error might happen if the clocks between the client and server drift too much - we allow for a certain margin of error, but if the clocks are too far apart, we won't be able to verify the JWT. This is a security feature to prevent attackers from reusing old tokens for replay attacks. Could you please check whether your server's time is accurate to see if that helps fix the issue?
Hi @paulomarg, thanks for the response. We have faced the Invalid JWT error on an intermittent basis, and a difference in the servers' times would result in a constant problem. Do you have any insight on why this happens on an intermittent basis?
Nothing that would cause an expiration date error to happen. That error happens when the token's Note that the token lasts for only a minute, and we have that grace period built into the check, which combined make for a window longer than the token's life where it can be used. It might happen that the request happens at the edge of that window, and the clock difference might appear there. One thing that would be helpful is to tell how long ago the token expired when that happens. If you can catch that error and print out the token's payload we can see what the
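The diagnostic suggested in the comment above (catch the error and look at the token's payload to see how long ago it expired), as an added example; it is not code from this thread or from the library. The 5-second leeway and all function names are assumptions, and the token is a constructed sample.

```javascript
// Added example (not library code). Diagnostics only: the payload is decoded
// WITHOUT signature verification, so never use it for authorization decisions.
const ASSUMED_LEEWAY_SECONDS = 5; // assumption: the library's real grace period is not stated in the thread

function decodePayloadUnverified(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('expected a 3-segment compact JWT');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Report only the time claims, so logs carry neither the signature nor user identifiers.
function describeTimeClaims(token, nowSeconds = Math.floor(Date.now() / 1000),
                            leeway = ASSUMED_LEEWAY_SECONDS) {
  const { exp, nbf, iat } = decodePayloadUnverified(token);
  const report = { exp, nbf, iat, now: nowSeconds, leeway, verdict: 'within window' };
  if (typeof exp === 'number') report.secondsPastExp = nowSeconds - exp;
  if (typeof nbf === 'number') report.secondsBeforeNbf = nbf - nowSeconds;
  if (report.secondsPastExp > leeway) {
    report.verdict = 'expired beyond leeway';
  } else if (report.secondsBeforeNbf > leeway) {
    report.verdict = 'not yet valid beyond leeway'; // server clock behind the issuer
  } else if (report.secondsPastExp > 0 || report.secondsBeforeNbf > 0) {
    report.verdict = 'accepted only because of leeway'; // the edge of the window
  }
  return report;
}

// Constructed sample token: one-minute lifetime, dummy signature.
function makeSampleToken(payload) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  return `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc(payload)}.constructed-signature`;
}

const sample = makeSampleToken({ iat: 1700000000, nbf: 1700000000, exp: 1700000060 });
// Server clock 12 s past exp: the report shows how long ago the token expired.
console.log(describeTimeClaims(sample, 1700000072));
```

Calling `describeTimeClaims` from the `catch` block that handles `InvalidJwtError` and logging the report next to the server's own timestamp separates steady clock drift from requests that arrive at the edge of the validity window.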
We are closing this issue because we did not hear back regarding additional details we needed to resolve this issue. If the issue persists and you are able to provide the missing clarification we need, feel free to respond and reopen this issue. We appreciate your understanding as we try to manage our number of open issues.
Issue summary
Before opening this issue, I have:
@shopify/* package and version:
{ logger: { level: LogSeverity.Debug } } in my configuration, when applicable
Expected behavior
Shopify.Utils.decodeSessionToken should return a valid JWT payload
Actual behavior
Shopify.Utils.decodeSessionToken throws an InvalidJwtError on an intermittent basis.
Package version used: 3.0.0
Node version: v16.17.0
What actually happens?
Steps to reproduce the problem
It happens on an intermittent basis and we couldn't reproduce the issue in our testing. But it crashes the app.
Reference thread found in archived repository